1. Field of the Invention
The present invention generally relates to protecting an application executing on a computer not only from attacks from “outside” the application but also from attempts to introduce malware “inside” the application through vulnerabilities in the application's interfaces. More specifically, the esm (EnterSecurityMode) instruction previously described in the above-identified co-pending applications, is extended to include two additional address range fields, a first of which tells the CPU hardware that the address range corresponding to code is “read only” from the perspective of the application, and the second of which tells the hardware that the address range corresponding to the application's data, stack, and heap is “no-execute.”
2. Description of the Related Art
IBM Research has been developing an innovative secure processor architecture that provides for verifiably secure applications. The architecture protects the confidentiality and integrity of information in an application so that ‘other software’ cannot access that information or undetectably tamper with it.
The present invention protects an application not only from attacks from “outside” the application but also from attempts to introduce malware “inside” the application through vulnerabilities in the application's interfaces.